UK Data Protection E-news - January 2010

  1. £500,000 DP fine in force from 6 April
  2. DMA launches standard for direct marketers

1. £500,000 DP fine in force from 6 April

The Government has confirmed that the maximum monetary fine for serious breaches of the DP Act will be £500,000. A draft statutory instrument was laid before Parliament on 12 January.

This new power is expected to enter into force on 6 April, and will apply to serious breaches that are likely to cause damage or distress and, are either deliberate or negligent, and the organisations fail to take reasonable steps to prevent the breaches.

The ICO has now produced statutory guidance about how it proposes to use this new power. The Information Commissioner will carefully consider the circumstances, and promises to take a pragmatic and proportionate approach.

The Information Commissioner, Christopher Graham, said: “These penalties are designed to act as a deterrent and to promote compliance with the Data Protection Act. I remain committed to working with voluntary, public and private bodies to help them stick to the rules and comply with the Act. But I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law.”

Read more about what this new penalty means for organisations in the February issue of PL&B UK Newsletter.

PL&B’s Roundtable with Christopher Graham, the UK’s new Information Commissioner, on 26th January in London is now full.   

2. DMA launches standard for direct marketers

The Direct Marketing Association (DMA) has developed an information security standard specifically for the direct marketing industry. The standard, DataSeal, has been created with BSi Management Systems, and its specifications are planned go above the minimum legislative requirements for information security.

DataSeal certification can be achieved by passing an independent audit by BSi. Once in place, an annual audit is required. Organisations can then progress to apply for information security standard ISO:27001. Organisations that have already achieved ISO:27001 certification through a UKAS-approved certification body will automatically be eligible for DataSeal certification.

First piloted in May 2009, the standard was launched on 27 January. The DMA hopes that DataSeal will establish an industry-wide approach to information security.

See more information.

For further details on the Privacy Laws & Business UK Newsletter, please click here.

Copyright Privacy Laws & Business 2010